Thursday, October 23, 2014

Digital Billboard Hacking 101



There are many types of electronic billboards, and many types have been hacked. From left to right: (1)Billboard in Hong Kong hacked by self-promoting thrill-seekers, via NY Daily News, (2)Digital billboard in Moscow hacked to show pornographic film, via BBC, and (3)Billboard hacked in Belgrade using iPhones, followed by a giant game of Space Invaders, via ABC News.


Councilmember Bob Kellar is a staunch supporter of Measure S, which proposes replacing conventional billboards in town with digital billboards along freeways. One of the reasons he favors this deal is that the City has no control over the content of conventional billboards, which can advertise all manner of vices; a board promoting La Vida Gentlemen's Club is often referenced in this regard. But Kellar argues that, as the landowner for new digital billboard operations, we will finally have control over content and be able to keep objectionable ads out of Santa Clarita.

Oh, will we?

During a discussion of digital billboards tonight, a friend said, "I wonder how long until those things get hacked..." This possibility (inevitability?) has received rather little attention. So as we sat at the  Rose & Crown Pub consuming chips and beer, I decided to investigate the world of digital billboard hacking.

Within 10 seconds, I had downloaded notes on digital billboard hacking from the DEF CON Hacking Conference onto my phone. In another 10 seconds, I was watching the corresponding presentation by a woman called Tottenkoph. She detailed "Hijacking the Outdoor Digital Billboard" (March 28, 2013; 1,517 views).

The vulnerabilities of digital billboards are surprisingly many. Logins and passwords like "admin" and "password" are often used. Over-eager sales teams are described as all too ready to give away technical details about digital billboards in hopes of securing a deal. Security may consist of a single camera aimed at the billboard face, not the infrastructure below. I'm guessing there are more than a few individuals in this valley who, given sufficient motivation and bravado, might work out all of the hacking particulars that went unsaid in the presentation. After all, people have managed to hack into payment information from Home Depot, into the PlayStation network, into the iCloud accounts of celebrities, and even into Iranian nuclear facilities (recall the Stuxnet Attack). Given these past breaches, it's hard to imagine that digital billboards are invulnerable.

If Santa Clarita's proposed digital billboards are, Heaven forfend, approved and installed, they may very well be attacked. It certainly wouldn't be the first time. The images at the beginning of this post show how digital billboards have been commandeered for self-promotion, mischief, or major disruption. From games of Space Invaders to hardcore pornography, the images projected by hackers can truly run the gamut.

There was a widely publicized case of skulls being projected on Los Angeles digital billboards in 2008 as part of a hack, but it was a false alarm that ended up being a legitimate, paid-for art installation (via Wired). Indeed, try as I might, I wasn't able to find any confirmed case of the hacking of an LA area digital billboard. Perhaps my concerns about hacking amount to nothing more than fear mongering--an attempt to enhance the logical objections to Measure S with anxiety and paranoia. For while we might reasonably agree that all digital things are hackable, that doesn't mean hackers will devote their energies to finding a way in. Since it's so close to Halloween, though, why not dwell on this frightful possibility just a little longer? Here's a bit of what Tottenkoph had to say in her talk:

 
"Now the great thing about this, about their wireless network, is that it's unencrypted, and it's not protected at all. We did a simple drive-by and we were able to see the network that the billboard was projecting from and connect. You could capture packets to see where the billboard is broadcasting to, spoof that IP address...and then, you know, etcetera, etcetera, but again, I don't know how to do this [winkingly] because this is all in theory." Audience laughs.



No comments: